KAPE had several updates during Q3 2023. Here is a recap of all the important enhancements and news from July through September 2023:
KAPE training will no longer be offered as live sessions. Instead, it will be hosted in a self-paced model so that students can become trained and certified at their own convenience.
The new training model will provide the following:
Kroll will look to release the overhauled KAPE Training program towards the end of 2023. More details to come.
As highlighted in the previous Q2 2023 Quarterly Update, Kroll published an official demo walkthrough of KAPE by Andrew Rathbun. Check it out!
The !SANS_Triage Compound Target has been updated with multiple new artifacts, including:
Multiple useful KAPE Modules were created during Q3 2023. Many new Modules were created for tools within the TZWorks suite, as found here. Additional helpful PowerShell Modules have been added that can be used to convert PowerShell ConsoleHost_history.txt and Usage Logs files to CSV, which can then be ingested into a tool like Timeline Explorer for analysis. Lastly, Modules were created for multiple new NirSoft tools, as found here.
Here is an overview of the changes to the KapeFiles GitHub repository from July 1, 2023 to September 30, 2023.
Our experts recommend “watching” the following GitHub repositories for KAPE-related updates:
Looking for the EZ button to keep KAPE, EZ Tools and the ancillary files associated with your instance(s) of KAPE updated? Check out the PowerShell script created by Kroll’s Andrew Rathbun here to ensure your copy of KAPE is being updated.
There are a number of KAPE resources for additional KAPE support, including the KAPE manual, or you can contact our experts directly at [email protected]. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.